--On 10 September 2005 13:03:29 -0600 Joe Peterson <joe@skyrush.com> wrote: ...
What I tried was pretty simple: Mailman doesn't have to deal with these things itself, but if it strips the old keys from the header, the keys will be regenerated on the way out by the MTA, thereby making the whole process clean. So the receiver of the email can at least verify that the mail came from the host hosting Mailman. I suppose Mailman could also check email on the way in for valid keys if it wanted, but that's another subject...
No, the MTA should check the keys. That is; if you ever want to reject mail on the basis of them. Mailman can't reject mail without generating collateral SPAM. What would be nice would be a way that Mailman *could* refuse to accept mail from the MTA.
You could also configure your MTA to remove the keys. I presume it will want to do that when forwarding mail for any reason.
-- Ian Eiloart Servers Team Sussex University ITS